##################################
#-*- coding:utf8 -*-             #
import  xml.dom
import libxml2dom
from   libxmlmods   import libxml2mod
from   xml.dom      import Node
import re
import malware


       
        
       
def p(download_file):
#    print Node.ELEMENT_NODE
#    , node.ATTRIBUTE_NODE, node.TEXT_NODE, node.CDATA_SECTION_NODE, node.ENTITY_NODE, node.PROCESSING_INSTRUCTION_NODE, node.COMMENT_NODE, DOCUMENT_NODE, node.DOCUMENT_TYPE_NODE, NOTATION_NODE
    html=open(download_file)
    injected=0
    doc = libxml2dom.parseString(html.read(), html=1)
    
    tables = doc.getElementsByTagName("table") 
#    print tables
    lis = doc.getElementsByTagName("li")
 #   print lis
    i=0
    j=0
    for li in lis:
        try:
            first=li.firstChild
            print '[%d]---------'%i
            i+=1
            gNode=google_result.gogole_node(first)
            print gNode.injection_url
            if gNode.mal_or_not():
                injected+=1
            else:
                pass    
##            return
        except Exception,ex:        
#            print Exception,':',ex                   
            pass
    return  injected
   
def pxxx(download_file):
#    print Node.ELEMENT_NODE
#    , node.ATTRIBUTE_NODE, node.TEXT_NODE, node.CDATA_SECTION_NODE, node.ENTITY_NODE, node.PROCESSING_INSTRUCTION_NODE, node.COMMENT_NODE, DOCUMENT_NODE, node.DOCUMENT_TYPE_NODE, NOTATION_NODE
    html=open(download_file)
    injected=0
    doc = libxml2dom.parseString(html.read(), html=1)
    
    tables = doc.getElementsByTagName("table") 
#    print tables
    lis = doc.getElementsByTagName("li")
 #   print lis
    i=0
    for li in lis:
        try:
            first=li.firstChild
            print '[%d]---------'%i
            h=h3(first)            
#            print h
#return {'href':url,'hreftxt':urltxt,'text':text,'cite':cite}            
            rule=r'/title\s*>\s*<\s*script\s+src=\s*"\s*(http://)?([\w-]+\.)+[\w-]+(/[\w-   /?%&=]*).js\s*"*/script>'
          #sizePattern = re.compile(rule)
            score=0
            baddomain=('cn','us','ru','la')
            try:
                textreg=re.search('/title\s*>\s*<\s*script\s+src="(http://)?((([\w-]+\.)+([\w-]+))(/[\w-]+)*/([\w-]+.[jJ][Ss]))"></script>',h['text']).groups()
                print textreg
                if malware.url_check(textreg[0]+textreg[1])==False:
                    print 'malicious url'
                    score=score+50
                else:                        
                    score=score+5                
                    print 'Find suspicious script',textreg[1]
            except:
                pass
#               print 'match fail'
              
            try:                            
                urltxtreg=re.search('(/title\s*>\s*<\s*script)(\s+src="(http://)?((([\w-]+\.)+[\w-]+)(/[\w-]+)*/([\w-]+.[jJ][Ss]))"></script>)*',h['hreftxt']).groups()
                print 'href:'+urltxtreg
                score=score+50
                print 'SQL in title'
            except:
#                print 'match fail'
                 pass
        
        
            try:    
                href=re.search('http://((([\w-]+\.)+([\w-]+))(/[\w-]+)*)',h['href']).groups()                
#                print href
                if textreg[4] in baddomain:
                    score=score+20
                    print 'match in bad domain'
                if textreg[4]!=href[4]:
                    score=score+30                  
                    print 'different domain'
                print href[0]                    
            except:
                 pass
#                print 'match fail'
            print  'Score is',score
            if score>=50:
                injected=injected+1
                print 'Injected!!!!!!!!!!!!!!' 
             
            i=i+1
##            return
        except Exception,ex:        
#            print Exception,':',ex                   
            pass
    return  injected  